|
Title: If you have a Bitcoin website or you are starting one get a FREE SSL (HTTPS) Post by: rme on July 23, 2014, 10:45:15 PM In the Bitcoin community we love crypto, that also includes loving https, bitcointalk.org, blockchain.info, bitstamp.net, bitcoin.org, all of them are using HTTPS right now.
Now you can also get a SSL certificate for your website for free (Yes, free as a free beer, forever) going to https://startssl.org To setup and install it for free I recommend reading this tutorial: # How To Set Up Apache with a Free Signed SSL Certificate -> https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps Note: it does not matter your provider, you dont need a server at digitalocean, it works in any Dedicated Server or VPS Now that you have HTTPS in your website you should redirect http:// to https:// using this code in your .htaccess Code: RewriteEngine On Also if you want enable HSTS to avoid SSLstrip attacks including this code in your .htaccess: Code: Header set Strict-Transport-Security "max-age=31536000" env=HTTPS Title: Re: If you have a Bitcoin website or you are starting one get a FREE SSL (HTTPS) Post by: semobo on July 23, 2014, 11:37:50 PM StartSSL is good for starters, but I wouldn't recommend it long term. It's root certificate isn't fully trusted on all browsers. So you'll likely get the little yellow warning, which can make people think it's not trusted. I know on Firefox you can't browse a site with StartSSL unless you add its root authority to the certificate store manually. The free version has no validation or verification at all. Any scammer can get one, this is why it's not trusted fully.
Title: Re: If you have a Bitcoin website or you are starting one get a FREE SSL (HTTPS) Post by: rme on July 23, 2014, 11:52:20 PM StartSSL is good for starters, but I wouldn't recommend it long term. It's root certificate isn't fully trusted on all browsers. So you'll likely get the little yellow warning, which can make people think it's not trusted. I know on Firefox you can't browse a site with StartSSL unless you add its root authority to the certificate store manually. The free version has no validation or verification at all. Any scammer can get one, this is why it's not trusted fully. Nope, works perfectly with firefox, I use it in some websites. Also the verification is done with an email to webmaster@domain just like everyone else do (I mean cheap certificates, 30$ or less). Title: Re: If you have a Bitcoin website or you are starting one get a FREE SSL (HTTPS) Post by: rme on July 24, 2014, 06:17:54 AM ssl , by firefox..it is free What are you meaning? ??? Title: Re: If you have a Bitcoin website or you are starting one get a FREE SSL (HTTPS) Post by: W-M on July 25, 2014, 09:41:13 PM It works in FireFox(i.e. Gecko) just as well as in other browsers. However, StartSsl is slow to update their OSCP entry for your site. As FireFox uses this to see if your site is absolutely safe, it takes +- 24 hours after getting one of their certificates until FireFox will display it properly.
Although their site is a little clunky, I really like StartSSL and their service. I've been using the free certificate for https://last-mail.org (https://last-mail.org), where it works perfectly. About the tutorial: -You do not need Google Chrome at all to perform these steps. -Many web servers have a hosting packet such as cPanel, which greatly reduce the amounts of steps to take. There are also tutorials available on the site of StartSsl itself. Title: Re: If you have a Bitcoin website or you are starting one get a FREE SSL (HTTPS) Post by: redsn0w on July 25, 2014, 11:35:08 PM In the Bitcoin community we love crypto, that also includes loving https, bitcointalk.org, blockchain.info, bitstamp.net, bitcoin.org, all of them are using HTTPS right now. Now you can also get a SSL certificate for your website for free (Yes, free as a free beer, forever) going to https://startssl.org To setup and install it for free I recommend reading this tutorial: # How To Set Up Apache with a Free Signed SSL Certificate -> https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps Note: it does not matter your provider, you dont need a server at digitalocean, it works in any Dedicated Server or VPS Now that you have HTTPS in your website you should redirect http:// to https:// using this code in your .htaccess Code: RewriteEngine On Also if you want enable HSTS to avoid SSLstrip attacks including this code in your .htaccess: Code: Header set Strict-Transport-Security "max-age=31536000" env=HTTPS Thanks, I'll use this SSL in one of my sites! Title: Re: If you have a Bitcoin website or you are starting one get a FREE SSL (HTTPS) Post by: anivia on July 27, 2014, 08:54:08 AM Just curious, we can use that in any site, does that mean it is like any open source stuff available for everyone on internet to use & can be used securely to keep information or any hacking away! ::)
|